Okay, here's my current methodology for creating WAB apps.
1. Publish ArcGIS Server service(s) to ArcGIS Server (local).
2. Create web map on ArcGIS Online that uses the service(s) from step 1.
3. Use the Web Appbuilder (dev version) to create a web app that uses the web map from step 2.
4. Download the WAB app and deploy it on my local web server.
So, up until now, this has worked fairly well for us. The problem comes when I want to restrict access to resources published in a particular web map (until now, everything I've deployed via WAB has been publicly accessible). I have tried setting the "sharing" option in ArcGIS Online for the web map to specific ArcGIS Online "groups". I can get this to work only after registering the locally-served app with ArcGIS Online and editing the config.json to include the "appId" generated after this registration process (otherwise, I get errors when attempting to login -see bug description below).
The problem I am coming across is that I am limited by the number of logins/users/seats/etc we have as an "Organization" within ArcGIS Online. So, let's say I want to be able to share my app with 50 members of my organization. Then I need to have 50 logins to my "Organization" in ArcGIS Online. I guess I don't understand why this is the case. I mean, I'm hosting the ArcGIS Server services (ie the data) locally and hosting the web app locally, so why do I need 50 logins just to be able to share my app with my colleagues? Maybe I am missing something here. Can someone please enlighten me if so?
*We are using Enterprise Logins in ArcGIS Online, so it's possible that the part where I have to register the downloaded WAB app is a result of that, as per the bug below (from ESRI):
Defect ID: BUG-000099402
Synopsis: Specifying credentials for an ArcGIS Online enterprise account to access applications created using Web AppBuilder for ArcGIS (Developer Edition) returns the following error, "The username or password you entered is incorrect."
Status: Not in Current Product Plan
Workaround: Use a built-in ArcGIS Online account when signing in to access the web application.
Public Explanation: For supporting OAuth or SAML login, the app needs to be registered and add the appid to config.json file. The guide is documented in readme.html file in the downloaded app, and the developers site: https://developers.arcgis.com/web-appbuilder/guide/xt-deploy-app.htm#LI_D74BFE27BEA64CF19D1667B5E88E...
The way I do this is:
This does assume you have some .Net development skill.
I just thought I would throw this workflow out there for you to consider.
I followed the steps given by you to create authentication app and copied all of the WAB apps subfolders and other files into my .net app folder structure.
When i run i get error as
Please let me know if i have to add anything other file or reference.
I have done something very similar, but have some additional questions...
My current setup:
When we go live, I want to secure the the webmap on AGOL, but then this will cause the AGOL OAuth dialog to prompt the user to enter AGOL creds.
How can we avoid prompting the users again to enter an AGOL cred.
Any suggestions on a design pattern that would work here, would be greatly appreciated.
You use a proxy with stored credentials in the proxy.config and because your MVC app is secured though .Net authentication the use of the proxy will be limited to those who have been authenticated already.
Thank you, thank you, thank you!
I've been avoiding the proxy configuration as I figured I didn't require it and I really didn't fully understand it. After some reading, digging, and more reading I now have a working sample setup and a better understanding.
I do have some further questions about accessing different secured content on AGOL with different AGOL users. In the proxy.config I have the serverUrl pointing to our company AGOL root domain: https://mycompany.maps.arcgis.com.
Can the proxy serverUrl be configured to point to specific content/itemIds on AGOL?
IOW, is there a way to configure the proxy to point to Content-A with User-A, and Content-B with User-B
Or is my thinking flawed in this methodology?
Thanks again for your insight!